/ Technology

Hackers: should we condemn or embrace them?

11
Profile photo of Sarah Kidner Sarah Kidner
Comments 11

A spate of hacker attacks has hit consumer confidence hard with one in five Britons claiming they’ve lost faith in large organisations. Our opinion of hackers isn’t any better, though perhaps we’re too hard on them?

Forty per cent of respondents to a survey by PC Tools think hacking is never justified, regardless of the motive; two-thirds view hackers as criminals and one in three Brits think they’re anti-social.

If anything I’m surprised these figures aren’t higher. Over the past year there’s been a series of high-profile hacks that have seen personal details stolen from innocent web users – such as the attack on Sony’s PlayStation Network that exposed users to identity theft, and an attack on Travelodge’s customer database.

Are hackers always to blame?

The perception is that there is an underground army of hackers out there laying claim to your personal data. But is that true?

A separate report from security firm Imperva sheds some light on the motivation and intention that drives hackers. The company monitors underground hacker forums and in its latest report reveals the top seven attacks discussed online last year. The top three are: SQL injections, DDoS attacks and spam or junk email.

The first two represent definite strikes at the heart of the large organisations we’ve lost faith in. SQL injections aim to exploit software bugs while in a DDoS attack hackers flood the networks of big businesses with traffic in a bid to take them down.

Only one side of the story

I’d never condone these actions. Like most people I’ve bought goods from a variety of online retailers, have an online bank account and a webmail account. Were any of these to be attacked it would present a serious threat to my personal identity.

However, I don’t think hackers are all bad and, before you crash my inbox, hear me out.

Let’s take Sony’s PlayStation Network as an example. Was it awful that millions of people’s data was exposed? Yes. Has Sony enhanced security since the attack? You betcha.

And, as well as shining an unwanted spotlight on Sony, the debacle raised important questions about how customers are notified of this type of security breach. Sony drew fire from many for delaying to inform customers that their personal data might be at risk.

Lessons to be learned

Another look at Imperva’s report acts as a warning to consumers. It’s critical that big businesses invest in a belt-and-braces approach to security, but we must also do our bit.

There’s a lot of discussion within forums on “social engineering” – i.e. how to con or hustle money out of you. One of the best examples of this is the still prevalent phishing emails that purport to come from your bank and then ask you to enter your personal details.

Hacking for financial gain is wrong. It’s a crime and the authorities should fight it. But there’s a small minority of the hacking community that hacks companies to show them where they’re going wrong. Many of these people become ethical hackers and a very few end up working for the very companies they’ve hacked.

Should we tarnish all hackers with the same brush? I’d argue not.

Do you think all hackers are bad?

Yes (55%, 120 Votes)

No (38%, 84 Votes)

Don't know (7%, 16 Votes)

Total Voters: 220

Loading ... Loading ...
Comments
11
Member
William says:
10 October 2011

Well if companies took their responsibilty to data security seriously, no one would be tempted to hack as they’d be getting nowhere fast. Unfortunately most companies are run by muppets who don’t understand the problem ( and won’t listen to theose they’ve employed that do ) and only see it as an expenditure that can be cost cut. Especially as it doesnt generate revenue.

0
 |     Reply    Report
Share   
Member
richard says:
10 October 2011

First a lot of Hackers are Computer nerds and look on hacking as an intellectual exercise to see if they can penetrate the security.

I will never use social networks because I think they are far too slack and open.

Nor will I ever answer any personal questions on-line by phone or email unless I instigate the call first. It cannot completely eliminate hacking but does go a long way to stop it.

0
 |     Reply    Report
Share   
Member
Dave A says:
11 October 2011

Hacking covers a lot of different things. On one hand it’s breaking into security systems for financial gain, but there are many things that I use today that have been enabled by hackers. For example, dvd ripping software (which still seems a bit grey in terms of legality), my jailbroken iphone that allows me to use my work sim card in my iphone. Jailbreaking the iphone, incidentally, is what spurred Apple to allow third party apps, and provided them inspiration to create the App Store. There are many other ‘hacks’ that break in built security in the devices we use at home to allow us to use them in ways not intended by the manufacturer. The hacks use the same techniques that hackers of banking systems use. Another example is XBMC which originally was a a way of turning an xbox (original) into a media center that plugs into your tv. People still use it today.

0
 |     Reply    Report
Share   
Member
Anonymous says:
11 October 2011

And then there are politcally motivated hackers – those who see government or corporate corruption and are otherwise helpless to expose this corruption. Would you also condemn the hacker who has gone on to shine a light on this corruption?

Here’s an obvious example of that [1] – HBGary was hacked, and it was revealed that they had a secret plan to criminally discredit a legitimate Salon journalist named Glenn Greenwald.

There’s also the wikileaks data dumps of US-government mass killings of civilians in Iraq and elsewhere. Without these hackers, we’d still be in the dark!

[1] http://www.techdirt.com/articles/20110209/22340513034/leaked-hbgary-documents-show-plan-to-spread-wikileaks-propaganda-bofa-attack-glenn-greenwald.shtml

0
 |     Reply    Report
Share   
Member
dean says:
11 October 2011

Hackers should be given jobs and lots of praise.

They highlight all the issues that the companies have neglected due to budgetary issues, and these are security/testing issues, things that companies ALWAYS scrimp on when budget is tight.

0
 |     Reply    Report
Share   
Member
tweetiepooh says:
11 October 2011

This is why there are the 2 terms hackers and crackers where it’s the latter that simply break into systems to cause problems. The former break into systems to see if it can be done or to exercise their brains and capabilities. It may not even be breaking into someone else’s system but looking at how software/systems work to maybe use it differently or improve on it. Hacking itself should not be outlawed but a hacker is help responsible if they cause damage/cost. Cracking is another matter.

0
 |     Reply    Report
Share   
Hide replies ∧
Member
clint kirk says:
18 October 2011

tweetiepooh raises an important point: the media have corrupted the original meaning of the term ‘hacker’, which means someone interested in learning about the inner workings of computer systems, as opposed to the casual user who sees them as a ‘black box’ and is just content with using them. The Jargon File defines the media’s usage of Hacker as the last definition, marked ‘deprecated’ on this page: http://catb.org/jargon/html/H/hacker.html .

This distinction is important because many law-abiding hackers who delve deep into their own copies of the operating system on their own computers often get the undeserved label of a computer criminal due to this confusion in the definition of the word.

0
 |     Reply    Report
Share   
Member
Em says:
12 October 2011

… Hacking for financial gain is wrong. It’s a crime and the authorities should fight it. …

Regardless of how Which? researchers choose to define it, pretty well any of the activities described under the hacking banner is a criminal act, irrespective of financial motive.

Please read the Computer Misuse Act 1990, a law which came about precisely because earlier attempted convictions under the Forgery and Counterfeiting Act failed. (Signing onto a computer system with false credentials is an act of forgery, but without a financial motive these ancient laws were ineffective in dealing with computer attacks.)

Where even so-called “ethical” hackers go wrong is in i) knowingly attempting to circumvent security controls and then ii) leaving traces of their activity or acting on information they are not entitled to access, just to prove they’ve been there so they can revel in their success.

It’s rather like suggesting joy riders carry out a public service by demonstrating how easy it is to break into cars and thrash them around the streets for a few hours, thus leading to improvements in vehicle security and saving us all from having our cars stolen by nasty professional gangs of thieves.

Apart from the criminal nature of what most hackers do, you seem to have overlooked that we are all paying a daily price for their unauthorized and unelected activities, whether we want to not. I’ll have to assume Which? run anti-virus software on their PC systems and firewalls on their networks, but the rest of us certainly do. How much does that cost each and every one of us who uses a computer? Ever noticed how sluggish your PC is to boot up with anti-virus software running? What does that equate to in lost productivity?

… However, I don’t think hackers are all bad …

Agreed, but almost by definition, the only ethical hackers are the ones you’ve never heard of, because they don’t talk about their work or share information with others. Firstly, they do not actively and knowingly attempt to breach the security of systems they are not authorized to access, but when they think they’ve found a loophole, they report it to the responsible body concerned.

Only when that organization fails to take action in a reasonable time frame, should the information then be made public – and after balancing that decision against the risk of alerting those with criminal intent of an opportunity waiting to be tapped. Were Sony given due warning?

0
 |     Reply